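<?php
/**
 * Front-end login template.
 *
 * Dispatches on the "action" query argument: "register" and "lostpassword"
 * render their own template parts; anything else is the login flow. For a
 * visitor who is not signed in, a POST is treated as a credential submission
 * handled by wp_signon(), and a GET renders the login form. The response to a
 * POST is an HTML fragment: an error message, or a <script> that navigates
 * the browser.
 */

// NOTE(review): these headers let any origin call this credential-handling
// endpoint and read its response. Nothing in this file needs cross-origin
// access; confirm whether a separate front end depends on it, and if so
// replace "*" with the specific allowed origin(s).
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE");
header('Access-Control-Allow-Headers:x-requested-with,content-type');

global $wpdb,$user_ID;

// Flags used whenever a URL is written into an inline <script>: they keep
// <, >, &, ' and " out of the emitted string literal so the value cannot
// close the string or the script element.
$json_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

$action  = (isset($_GET['action']) ) ? $_GET['action'] : 0;

if ( $action === "register" ) {
    get_template_part( 'templates/content', 'reg' );
} elseif ( $action === "lostpassword" ) {
    get_template_part( 'templates/content', 'lost' );
} else {
    if (!$user_ID) {
        if($_POST){ // form submission
            // NOTE(review): no nonce is verified before signing the user in, so
            // the form is open to login CSRF. Adding wp_verify_nonce() here
            // requires the login template to emit the matching nonce field,
            // which is outside this file.

            // SQL escaping is not needed (and $wpdb->escape() is deprecated):
            // the lookups below go through WordPress APIs that build their own
            // queries. Escaping here added a second layer of slashes on top of
            // the ones WordPress already applies to $_POST, which changed
            // usernames and passwords containing quotes or backslashes.
            $username = ( isset($_POST['username']) && is_string($_POST['username']) )
                ? wp_unslash($_POST['username'])
                : '';
            // The password is passed on exactly as received, which is how the
            // core login handler reads its own password field.
            $password = ( isset($_POST['password']) && is_string($_POST['password']) )
                ? $_POST['password']
                : '';
            // The checkbox may be absent from the request entirely.
            $remember = !empty($_POST['rememberme']);

            if($username === '' || $password === ''){
                echo "<i class='iconfont icon-crying mr-2'></i><span class='error'>请认真填写表单！</span>";
                exit();
            }

            // Allow signing in with an e-mail address by mapping it to the login name.
            if(is_email($username)){
                $user = get_user_by( 'email', $username );
                if ( isset( $user, $user->user_login, $user->user_status ) && 0 == (int) $user->user_status ) {
                    $username = $user->user_login;
                }
            }

            $login_data = array(
                'user_login'    => $username,
                'user_password' => $password,
                'remember'      => $remember,
            );

            // Request a secure auth cookie only when the request itself arrived over HTTPS.
            $secure_cookie = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

            // wp_signon() authenticates the user and sets the auth cookies.
            $user_verify = wp_signon($login_data, $secure_cookie);

            if(is_wp_error($user_verify)){
                // One message for every failure, so the response does not
                // reveal whether the account exists.
                echo "<i class='iconfont icon-crying mr-2'></i><span class='error'>用户名或密码错误，请重试!</span>";
                exit();
            } else {
                if ( isset( $_REQUEST['redirect'] ) || isset( $_REQUEST['redirect_to'] ) ){
                    $requested = isset($_REQUEST['redirect']) ? $_REQUEST['redirect'] : $_REQUEST['redirect_to'];
                    $requested = is_string($requested) ? urldecode(wp_unslash($requested)) : '';

                    // The target is request-controlled: restrict it to this
                    // site (or a host allowed via the allowed_redirect_hosts
                    // filter) and fall back to the home URL otherwise, so the
                    // login page cannot be used as an open redirect.
                    $redirect_to = wp_validate_redirect( wp_sanitize_redirect($requested), get_bloginfo('url') );
                    if ($redirect_to === '') {
                        $redirect_to = get_bloginfo('url');
                    }

                    // Emit the URL as an encoded JavaScript string literal
                    // instead of concatenating it raw into the script.
                    echo '<script type="text/javascript">window.location=' . wp_json_encode($redirect_to, $json_flags) . '</script>';
                    exit();
                }

                // No explicit target: administrators go to the dashboard, everyone else to the home page.
                if (user_can($user_verify->ID,'manage_options')) {
                    echo "<script type='text/javascript'>window.location=" . wp_json_encode(admin_url(), $json_flags) . "</script>";
                } else {
                    echo "<script type='text/javascript'>window.location=" . wp_json_encode(get_bloginfo('url'), $json_flags) . "</script>";
                }
                exit();
            }
        } else {
            get_template_part( 'templates/content', 'login' );
        }
    } else {
        // Already signed in: nothing to do on the login page.
        echo "<script type='text/javascript'>window.location=" . wp_json_encode(get_bloginfo('url'), $json_flags) . "</script>";
    }

}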
